Subject: Re: syslog(3) security problem
To: Thor Lancelot Simon <firstname.lastname@example.org>
From: David Maxwell <email@example.com>
Date: 09/03/1995 05:34:31
> >> Would someone in core please commit the fixes for this to the tree?
> >Oh get a grip. It's been like 24 hours... *Some* people actually
> >have to work for a living...
> Can you think of something in this business that's more important than
> random outside people not being able to maraud about your machine at will?
> *Some* people might end up with a lot more work to do, for the same living,
> if they sup and blow away the fixes they've installed and don't notice.
> NetBSD is either a for-real operating system or it's not. That the vendors of
I'm sure I won't be the first (or only) person to say that running a -current
machine in a production environment implies walking the razor's edge.
Supping only means keeping an up to date set of sources. I don't think many
people would recommend building beta sources on a daily basis for a machine
you _need to rely on_.
This is of course, not to say that the fixes shouldn't get put in as soon as
they are verified.